SECUNIA ADVISORY ID: SA28251
VERIFY ADVISORY: http://secunia.com/advisories/28251/
CRITICAL: Highly critical
IMPACT: Unknown, Cross Site Scripting, System access
SOFTWARE: Mambo 4.x - http://secunia.com/product/872/
DESCRIPTION: Some vulnerabilities have been reported in Mambo, one with an unknown impact and others which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system. The vulnerabilities are reported in version 4.6.2. Prior versions may also be affected.
1) A vulnerability is caused due to the use of a vulnerable copy of PHPMailer. For more information: SA25626
2) Input passed to unknown parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that the target user has valid administrator credentials.
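The advisory only states that input passed to unspecified parameters is returned to the user without sanitisation. The following PHP snippet is an added illustration of that pattern and its fix, not code from Mambo or from the advisory: the parameter name "search", the two function names and the constructed input are assumptions for the example.

```php
<?php
// Added illustration, not Mambo code. The advisory names no parameter;
// "search" and both functions below are assumptions for this example.

// Vulnerable pattern: the raw value is reflected straight into the page,
// so a value containing a quote can close the attribute and inject markup.
function render_unsafe(string $value): string
{
    return '<input type="text" name="search" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context before output.
// ENT_QUOTES escapes both " and ' so the value cannot close the attribute;
// the explicit charset avoids encoding mismatches.
function render_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Constructed input: a value that tries to break out of the attribute.
$input = '"><b>injected</b>';

echo "unsafe:   " . render_unsafe($input) . PHP_EOL;
echo "hardened: " . render_safe($input) . PHP_EOL;
```

Run it from the command line with `php example.php`. In the unsafe output the input closes the value attribute and the `<b>` element lands in the page; in the hardened output the same bytes appear as `&quot;&gt;&lt;b&gt;injected&lt;/b&gt;` and remain inert text inside the attribute. Because the advisory notes that exploitation requires an administrator's session, the pages most worth checking for this pattern are the administrative ones.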
3) A vulnerability is caused due to unknown errors in the template chooser functionality. No further information is currently available.
SOLUTION: Update to version 4.6.3.
PROVIDED AND/OR DISCOVERED BY: 1) Originally reported in PHPMailer by Thor Larholm. 2, 3) Reported by the vendor.
ORIGINAL ADVISORY: http://source.mambo-foundation.org/content/view/134/1/
OTHER REFERENCES: SA25626: http://secunia.com/advisories/25626/
Mambo Multiple Vulnerabilities. Posted on Thursday, December 27, 2007 @ 15:01:12 CST in Mambo Security Alert.